Preventing a file edit by users on linux

Since your "some users" have sudo or root access to the machine, it is not fully possible. Because every thing you doing as root can revert by them. So, the only thing you can do is attributing. So it makes them some difficulty to modify the files, but still its not fully proof because of the same reason I mentioned in first sentence.

Using following command you can set attributes to file:

chattr +i /path/to/file

where +i mean immutable. So no one can edit the file without removing attribute. So in you script you do like following:

...
chattr -i /path/to/file # remove the immutable attribute of the file at the beginning of your script
...
...
...
...
chattr +i /path/to/file # attribute the file at the end of your script

Examples :

http://www.cyberciti.biz/faq/linux-write-protecting-a-file/

http://www.cyberciti.biz/tips/linux-password-trick.html

If they have root access, all bets are pretty much off..depending how savvy they are. One ugly way is to set immutable bit on your file. It will be unmodifiable as long as that attribute is set. Then change your scripts to remove that attribute before updating your file and set it back afterwards. Hopefully your users won't notice that attribute and their attempts at editing will be futile.

And obviously, the biggest thing is user education. We shouldn't ban hammers because idiots keep smashing their thumbs ;)